Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ISSUE] Issue with databricks_credential resource: unable to modify #4335

Open
moritzmeister opened this issue Dec 19, 2024 · 0 comments · May be fixed by #4349
Open

[ISSUE] Issue with databricks_credential resource: unable to modify #4335

moritzmeister opened this issue Dec 19, 2024 · 0 comments · May be fixed by #4349

Comments

@moritzmeister
Copy link

Hi,

I am having issues updating a service credential after it has been created the first time.

Configuration

resource "databricks_credential" "this" {
  for_each                 = { for i in var.credentials : i.name => i }
  comment                  = each.value.comment
  force_destroy            = each.value.force_destroy
  force_update             = each.value.force_update
  isolation_mode           = each.value.isolation_mode
  name                     = each.value.name
  owner                    = each.value.owner
  purpose                  = each.value.purpose
  read_only                = each.value.read_only
  skip_validation          = each.value.skip_validation

  dynamic "aws_iam_role" {
    for_each = each.value.aws_iam_role != null ? [each.value.aws_iam_role] : []
    content {
      role_arn              = aws_iam_role.value.role_arn
    }
  }

  dynamic "azure_managed_identity" {
    for_each = each.value.azure_managed_identity != null ? [each.value.azure_managed_identity] : []
    content {
      access_connector_id = azure_managed_identity.value.access_connector_id
      credential_id       = azure_managed_identity.value.credential_id
      managed_identity_id = azure_managed_identity.value.managed_identity_id
    }
  }

  dynamic "azure_service_principal" {
    for_each = each.value.azure_service_principal != null ? [each.value.azure_service_principal] : []
    content {
      application_id = azure_service_principal.value.application_id
      client_secret  = azure_service_principal.value.client_secret
      directory_id   = azure_service_principal.value.directory_id
    }
  }

  dynamic "databricks_gcp_service_account" {
    for_each = each.value.databricks_gcp_service_account != null ? [each.value.databricks_gcp_service_account] : []
    content {
      credential_id  = databricks_gcp_service_account.value.credential_id
      email          = databricks_gcp_service_account.value.email
      private_key_id = databricks_gcp_service_account.value.private_key_id
    }
  }
}

Expected Behavior

Should be able to update a credential.

Actual Behavior

Unable to update an existing credential, it seems to be trying to set a field that's cannot be provided.

Terraform will perform the following actions:

  # databricks_credential.this["eu-west-1-automation-dev-databricks-uc-stor-cred-sqs-role-test"] will be updated in-place
  ~ resource "databricks_credential" "this" {
      ~ comment                  = "Managed by TF111" -> "Managed by TF"
        id                       = "eu-west-1-automation-dev-databricks-uc-stor-cred-sqs-role-test"
        name                     = "eu-west-1-automation-dev-databricks-uc-stor-cred-sqs-role-test"
        # (12 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

databricks_credential.this["eu-west-1-automation-dev-databricks-uc-stor-cred-sqs-role-test"]: Modifying... [id=eu-west-1-automation-dev-databricks-uc-stor-cred-sqs-role-test]
╷
│ Error: cannot update credential: UpdateCredential aws_iam_role.unity_catalog_iam_arn can not be provided.
│
│   with databricks_credential.this["eu-west-1-automation-dev-databricks-uc-stor-cred-sqs-role-test"],
│   on credentials.tf line 13, in resource "databricks_credential" "this":13: resource "databricks_credential" "this" {

Steps to Reproduce

  1. terraform apply a new credential
  2. modify for example the comment
  3. terraform apply again

Terraform and provider versions

Terraform v1.9.8
on darwin_arm64
+ provider registry.terraform.io/databricks/databricks v1.62.0
+ provider registry.terraform.io/hashicorp/aws v5.81.0

Your version of Terraform is out of date! The latest version
is 1.10.2. You can update by downloading from https://www.terraform.io/downloads.html

Is it a regression?

Not that I am aware, haven't used the resource before.

Debug Output

Important Factoids

Would you like to implement a fix?

@moritzmeister moritzmeister changed the title [ISSUE] Issue with databricks_XXX resource [ISSUE] Issue with databricks_credential resource: unable to modify Dec 19, 2024
alexott added a commit that referenced this issue Dec 24, 2024
This is a workaround for a problem in the API spec.

Resolves #4335
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant